*  HIPAA  is  the  federal  Health  Insurance  Portability  and  Accountability  Act  of  1996.  The  primary  goal  of  the  law  is  to  make  it  easier  for  people  to  keep  health  insurance,  protect  the  confidentiality  and  security  of  healthcare  information  and  help  the  healthcare  industry  control  administrative  costs    *  Acronym for Health Insurance Portability and

Accountability Act of 1996.

*  1. Explain why there is a federal privacy law. *  2. Describe examples of protected health information (PHI). *  3. Explain the privacy rights patients have. *  4. Describe safe privacy practices. *  5. Understand how to report violations *  6. Understand HIPAA’s penalties. *  7. Understand the importance of responsible social

networking.

*  Enacted to: *  Protect the privacy of a patient’s personal and health

information. *  Provide for electronic, and physical security of

personal and health information. *  Reduce health care fraud and abuse.

*  In 1996 a public health worker sent two newspapers a computer disk containing the names of 4,000 people who tested positive for HIV. *  In 2008, thirteen employees were fired and six others

suspended at UCLA for inappropriately viewing medical records of Britney Spears. *  In 2013, six employees (3 physicians) were fired at

Cedars-Sinai Medical Center for trying to access Kim Kardashian’s medical records when she gave birth

*  All healthcare organizations and providers including: hospitals, physician offices, health plans, employers, public health authorities, life insurers, clearing houses, billing agencies, information system vendors, service organizations and universities. These are known as covered entities for HIPAA’s privacy and security regulations and they must comply with its regulations.

*  Covered entities must implement standards to protect and guard against the misuse of individually identifiable health information. Failure to comply may cause the imposition of civil or criminal penalties.

*  Gives patients more control over their health information. *  Sets boundaries on the use and release of health

records. *  Establishes safeguards that persons with access to

health records must uphold to protect the privacy of health information. *  Holds violators accountable with penalties under

certain circumstances.

*  PHI is the medical record including the demographic (face) sheet, photographs, footprint sheet, finger or voice prints, any identifiable health information. *  This also includes census reports.

*  Only healthcare providers who are directly involved in providing treatment, payment, or involved with healthcare operations are authorized to have access to patient information. *  TPO (see next slide)

*  Treatment – the coordination by one or more health care providers (EXAMPLE: consult)

*  Payment – reimbursement, health plans *  Healthcare Operations – legal, administration,

quality improvement, credentialing

*  Students need to be very careful in sharing PHI. *  Patients must be present, with the chance to object

when sharing PHI with family and friends. If the patient does not object then you may share information that is directly relevant to that persons’ involvement. *  ROI is always done by trained employees.

*  Treat all communication with privacy. *  Be MINDFUL of technology!!! *  Locations- be mindful of privacy when discussing

patient information. (BEWARE OF ELEVATORS, CAFETERIA, GIFT SHOP) *  Students as well as employees, volunteers and

contract personnel need to adhere to privacy practice rules and regulations.

 

*  To ensure privacy of patients the provider must: *  Provide information to patients about their privacy

rights including how their information will be used. *  Enforce privacy procedures. *  Train employees regarding privacy procedures. *  Designate a Privacy Officer who will be responsible

for ensuring that privacy procedures are adhered to.

*  Secure patient records so they are not readily available to those who do not need them. *  Comply with the minimum necessary information

requirements. *  Allow patients access to their records. *  Notify patients of anyone who has seen their

records. *  Provide a formal complaint process for patients.

*  Documentation of training is required from the various entities. *  Barry University will ensure that all nursing

students receive HIPAA training. You will be given a quiz that you must pass. You will also be asked to sign a confidentiality agreement which will be kept on your file.

*  Civil *  $100 for each violation up to $25,000/person/year for

multiple violations. *  Will not impose fines under certain circumstances, if

violation did not involve willful neglect and the violator corrects violation within 30 days of when violation was known.

 

*  Criminal Penalties *  A person who knowingly obtains or discloses individually

identifiable information in violation of HIPAA will face a fine of $50,000 and up to one-year imprisonment.

*  Criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct includes false pretenses.

*  $250,000 and up to ten years in prison if involves intent to sell, transfer or use identifiable health information for commercial advantage, personal gain or malicious harm.

*  All providers must establish methods for reporting violations through the Privacy Officer. *  Students should report violations to their faculty

member who will follow through with the appropriate procedure. *  The Privacy Rule is enforced by the HHS (Health

and Human Services), Office of Civil Rights (OCR)

*  #1 *  You are assigned to a patient on the postpartum

unit. She delivered a healthy baby boy the previous day. As you enter the room with the nurse, you notice other family members in the room. The nurse proceeds to assess the patient in the presence of the relatives. *  What could have been done differently?

*  #2 *  Your co-worker has been admitted to the hospital

and is refusing visitors. You are very concerned about her. Another co-worker tells you he can access her medical records easily and find out her admitting diagnosis and lab results. *  What do you do?

*  #3 *  You are doing clinicals at X Medical Center. You

notice a physician walk away from an open chart, which he left visible to visitors passing by. He entered a patients room. You look over and see that he is not finished writing orders. *  What do you do?

*  #4 *  Mr. Y calls the nurses station, frantic. His girlfriend

has been admitted to the emergency room and he wants to know her disposition. He is able to tell you her full name and address and offers to tell you her social security number. *  How much information can you give him regarding

her condition?